zlib-1.1.3 had a potential security flaw which is fixed by zlib-1.1.4:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Zlib Advisory 2002-03-11
zlib Compression Library Corrupts malloc Data Structures via Double Free

   Original release date: March 11, 2002
   Last revised: March 11, 2002
   Source: This advisory is based on a CERT advisory written
           by Jeffrey P. Lanza  http://www.kb.cert.org/vuls/id/368819

Systems Affected

     * Any software that is linked against zlib 1.1.3 or earlier
     * Any data compression library derived from zlib 1.1.3 or earlier

Overview

   There is a vulnerability in the zlib shared library that may introduce
   vulnerabilities   into   any   program   that   includes   zlib.  This
   vulnerability has been assigned a CVE name of CAN-2002-0059
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059

I. Description

   There  is  a  vulnerability in the decompression algorithm used by the
   popular  zlib  compression  library.  If an attacker is able to pass a
   specially-crafted  block of invalid compressed data to a program  that
   includes zlib,  the program's  attempt to decompress  the crafted data
   can cause the  zlib  routines to corrupt the internal data  structures
   maintained by malloc.

   The  vulnerability  results  from  a  programming  error  that  causes
   segments of dynamically allocated memory to be released more than once
   (aka.   "double-freed").  Specifically,  when  inftrees.c:huft_build()
   encounters  the  crafted data, it returns an unexpected Z_MEM_ERROR to
   inftrees.c:inflate_trees_dynamic().  When a subsequent call is made to
   infblock.c:inflate_blocks(), the inflate_blocks function tries to free
   an internal data structure a second time.

   Because  this  vulnerability interferes with the proper allocation and
   de-allocation of dynamic memory, it may be possible for an attacker to
   influence  the  operation  of  programs  that  include  zlib.  In most
   circumstances,  this influence will be limited to denial of service or
   information  leakage, but it is theoretically possible for an attacker
   to  insert  arbitrary  code into a running program. This code would be
   executed with the permissions of the vulnerable program.

II. Impact

   This vulnerability may introduce vulnerabilities into any program that
   includes  the  affected library. Depending upon how and where the zlib
   routines   are   called   from   the   given  program,  the  resulting
   vulnerability may have one or more of the following impacts: denial of
   service, information leakage, or execution of arbitrary code.

III. Solution

Upgrade your version of zlib

   The  maintainers  of  zlib have released version 1.1.4 to address this
   vulnerability.  Any software that is linked against or derived from an
   earlier  version  of  zlib  should be upgraded immediately. The latest
   version of zlib is available at http://www.zlib.org

   The md5 sums of the source archives are:
       abc405d0bdd3ee22782d7aa20e440f08  zlib-1.1.4.tar.gz
       ea16358be41384870acbdc372f9db152  zlib-1.1.4.tar.bz2

IV. Acknowledgments

Thanks to Owen Taylor and Mark Cox of Redhat, Inc. for the
reporting and research of this vulnerability.


This document is available from
http://www.gzip.org/zlib/advisory-2002-03-11.txt

The public PGP key of zlib author Jean-loup Gailly is available from
http://www.gzip.org/zlib/jloup.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8jSR02aJ9JQGWcacRAuDEAKCWdrRkWeJV9lYU5z8NN56s3m8eKACglR4m
42KDUGHuftBkwACTMCnZLEo=
=3yLS
-----END PGP SIGNATURE-----
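
The double-free pattern the advisory describes, as a simplified model added here; it is not zlib's code and not part of the original advisory or commit. The names `dec`, `lens`, `build`, `dec_reset` and the tracking allocator are hypothetical, and the model assumes the flaw has the shape "error path releases a buffer, later cleanup releases it again".

```c
#include <stdio.h>
#include <string.h>

/* Tracking allocator over a static pool: a released slot is never reused,
 * so a second release of the same block is counted instead of being UB. */
#define SLOTS 8
enum { UNUSED, LIVE, RELEASED };
static unsigned char pool[SLOTS][64];
static int state[SLOTS], repeated_frees;

static void *t_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (state[i] == UNUSED) { state[i] = LIVE; return pool[i]; }
    return NULL;
}

static void t_free(void *p) {
    for (int i = 0; p && i < SLOTS; i++)
        if (p == (void *)pool[i]) {
            if (state[i] == LIVE) state[i] = RELEASED;
            else repeated_frees++;      /* same allocation released again */
            return;
        }
}

struct dec { void *lens; };  /* hypothetical decoder state; lens = internal table */

/* Build step: bad input releases the table; only 'fixed' clears the pointer. */
static int build(struct dec *d, int bad_input, int fixed) {
    d->lens = t_alloc();
    if (!bad_input) return 0;
    t_free(d->lens);
    if (fixed) d->lens = NULL;
    return -1;
}

/* Later cleanup, called whether or not the build step failed. */
static void dec_reset(struct dec *d) { t_free(d->lens); d->lens = NULL; }

/* Repeated releases seen for one build + reset sequence. */
int run_case(int fixed, int bad_input) {
    struct dec d = { NULL };
    memset(state, 0, sizeof state);
    repeated_frees = 0;
    build(&d, bad_input, fixed);
    dec_reset(&d);
    return repeated_frees;
}

int main(void) { printf("buggy=%d fixed=%d\n", run_case(0, 1), run_case(1, 1)); return 0; }
```

The same counting idea works as a regression check in a test build: route the library's release calls through a tracker and fail the test when the counter is non-zero after feeding it invalid input.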
curt
2002-03-11 23:03:19 +00:00
parent 7fa5dd7a35
commit f6ed02c3fb
4 changed files with 32 additions and 32 deletions

@@ -7,7 +7,7 @@ EXTRA_DIST = \
SimGear.dsp \
SimGear.dsw \
metakit-2.4.2-32.tar.gz \
zlib-1.1.3.tar.gz
zlib-1.1.4.tar.gz
SUBDIRS = simgear
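
Review bot: The zlib-1.1.4.tar.gz entry in EXTRA_DIST refers to a binary tarball that the diff cannot display, so its contents are not reviewable from this page. Please confirm that the committed file hashes to abc405d0bdd3ee22782d7aa20e440f08, the MD5 given for zlib-1.1.4.tar.gz in the advisory quoted in the commit message, and record that the check was done. It is also worth confirming that nothing else in the tree still names zlib-1.1.3.tar.gz, since EXTRA_DIST is the only reference this hunk updates.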

@@ -23,10 +23,11 @@ We now send you to the official zlib README ...
=============================================================================
zlib 1.1.3 is a general purpose data compression library. All the code
zlib 1.1.4 is a general purpose data compression library. All the code
is thread safe. The data format used by the zlib library
is described by RFCs (Request for Comments) 1950 to 1952 in the files
ftp://ds.internic.net/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate
http://www.ietf.org/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate
format) and rfc1952.txt (gzip format). These documents are also available in
other formats from ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html
@@ -39,51 +40,50 @@ except example.c and minigzip.c.
To compile all files and run the test program, follow the instructions
given at the top of Makefile. In short "make test; make install"
should work for most machines. For Unix: "configure; make test; make install"
should work for most machines. For Unix: "./configure; make test; make install"
For MSDOS, use one of the special makefiles such as Makefile.msc.
For VMS, use Make_vms.com or descrip.mms.
Questions about zlib should be sent to <zlib@quest.jpl.nasa.gov>, or to
Questions about zlib should be sent to <zlib@gzip.org>, or to
Gilles Vollant <info@winimage.com> for the Windows DLL version.
The zlib home page is http://www.cdrom.com/pub/infozip/zlib/
The official zlib ftp site is ftp://ftp.cdrom.com/pub/infozip/zlib/
Before reporting a problem, please check those sites to verify that
The zlib home page is http://www.zlib.org or http://www.gzip.org/zlib/
Before reporting a problem, please check this site to verify that
you have the latest version of zlib; otherwise get the latest version and
check whether the problem still exists or not.
Mark Nelson <markn@tiny.com> wrote an article about zlib for the Jan. 1997
PLEASE read the zlib FAQ http://www.gzip.org/zlib/zlib_faq.html
before asking for help.
Mark Nelson <markn@ieee.org> wrote an article about zlib for the Jan. 1997
issue of Dr. Dobb's Journal; a copy of the article is available in
http://web2.airmail.net/markn/articles/zlibtool/zlibtool.htm
http://dogma.net/markn/articles/zlibtool/zlibtool.htm
The changes made in version 1.1.3 are documented in the file ChangeLog.
The main changes since 1.1.2 are:
The changes made in version 1.1.4 are documented in the file ChangeLog.
The only changes made since 1.1.3 are bug corrections:
- fix "an inflate input buffer bug that shows up on rare but persistent
occasions" (Mark)
- fix gzread and gztell for concatenated .gz files (Didier Le Botlan)
- fix gzseek(..., SEEK_SET) in write mode
- fix crc check after a gzeek (Frank Faubert)
- fix miniunzip when the last entry in a zip file is itself a zip file
(J Lillge)
- add contrib/asm586 and contrib/asm686 (Brian Raiter)
See http://www.muppetlabs.com/~breadbox/software/assembly.html
- add support for Delphi 3 in contrib/delphi (Bob Dellaca)
- add support for C++Builder 3 and Delphi 3 in contrib/delphi2 (Davide Moretti)
- do not exit prematurely in untgz if 0 at start of block (Magnus Holmgren)
- use macro EXTERN instead of extern to support DLL for BeOS (Sander Stoks)
- added a FAQ file
- ZFREE was repeated on same allocation on some error conditions.
This creates a security problem described in
http://www.zlib.org/advisory-2002-03-11.txt
- Returned incorrect error (Z_MEM_ERROR) on some invalid data
- Avoid accesses before window for invalid distances with inflate window
less than 32K.
- force windowBits > 8 to avoid a bug in the encoder for a window size
of 256 bytes. (A complete fix will be available in 1.1.5).
The beta version 1.1.5beta includes many more changes. A new official
version 1.1.5 will be released as soon as extensive testing has been
completed on it.
plus many changes for portability.
Unsupported third party contributions are provided in directory "contrib".
A Java implementation of zlib is available in the Java Development Kit 1.1
A Java implementation of zlib is available in the Java Development Kit
http://www.javasoft.com/products/JDK/1.1/docs/api/Package-java.util.zip.html
See the zlib home page http://www.cdrom.com/pub/infozip/zlib/ for details.
See the zlib home page http://www.zlib.org for details.
A Perl interface to zlib written by Paul Marquess <pmarquess@bfsec.bt.co.uk>
is in the CPAN (Comprehensive Perl Archive Network) sites, such as:
ftp://ftp.cis.ufl.edu/pub/perl/CPAN/modules/by-module/Compress/Compress-Zlib*
is in the CPAN (Comprehensive Perl Archive Network) sites
http://www.cpan.org/modules/by-module/Compress/
A Python interface to zlib written by A.M. Kuchling <amk@magnet.com>
is available in Python 1.5 and later versions, see
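
Review bot: Two entries in the 1.1.4 change list in this hunk alter behaviour that callers can observe, beyond the ZFREE double-free fix: the Z_MEM_ERROR previously returned on some invalid data is described as incorrect, and windowBits is now forced above 8. Before merging, check the tree for inflate callers that branch specifically on Z_MEM_ERROR to reject bad input, and for any deflateInit2 call that passes a windowBits of 8, since both would behave differently against 1.1.4. Separately, the Java Development Kit line drops "1.1" from the sentence while the URL on the following line still points at JDK/1.1; that is upstream README text, so leave it verbatim unless the copy is meant to diverge.
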
@@ -142,7 +142,7 @@ Acknowledgments:
Copyright notice:
(C) 1995-1998 Jean-loup Gailly and Mark Adler
(C) 1995-2002 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages

Binary file not shown.

BIN
zlib-1.1.4.tar.gz Normal file

Binary file not shown.